From 9b43ffcc4974c276ee22ace8aa5d8a35a3f78ca7 Mon Sep 17 00:00:00 2001
From: Isaiah Inuwa <iinuwa@bitwarden.com>
Date: Fri, 19 Dec 2025 11:34:03 -0600
Subject: [PATCH] Address review feedback

---
 .../win_webauthn/src/plugin/com.rs             |  2 +-
 .../win_webauthn/src/plugin/types.rs           | 18 +++++++++++++++++-
 .../win_webauthn/src/types/mod.rs              |  5 +----
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/apps/desktop/desktop_native/win_webauthn/src/plugin/com.rs b/apps/desktop/desktop_native/win_webauthn/src/plugin/com.rs
index 9bfcfda1c11..3f021f46a08 100644
--- a/apps/desktop/desktop_native/win_webauthn/src/plugin/com.rs
+++ b/apps/desktop/desktop_native/win_webauthn/src/plugin/com.rs
@@ -219,7 +219,7 @@ impl IPluginAuthenticator_Impl for PluginAuthenticatorComObject_Impl {
 
         match self.handler.cancel_operation(request.into()) {
             Ok(()) => {
-                tracing::error!("CancelOperation completed successfully");
+                tracing::debug!("CancelOperation completed successfully");
                 S_OK
             }
             Err(err) => {
diff --git a/apps/desktop/desktop_native/win_webauthn/src/plugin/types.rs b/apps/desktop/desktop_native/win_webauthn/src/plugin/types.rs
index ae06266141e..f6a9d8575c0 100644
--- a/apps/desktop/desktop_native/win_webauthn/src/plugin/types.rs
+++ b/apps/desktop/desktop_native/win_webauthn/src/plugin/types.rs
@@ -547,8 +547,16 @@ impl PluginMakeCredentialRequest {
                 err,
             )
         })?;
-
+        // SAFETY: Initialized by successful call to webauthn_decode_make_credential()
         let registration_request = registration_request.assume_init();
+
+        if request.hWnd.is_invalid() {
+            return Err(WinWebAuthnError::new(
+                ErrorKind::WindowsInternal,
+                "Invalid handle received",
+            ));
+        }
+
         Ok(Self {
             inner: registration_request as *const WEBAUTHN_CTAPCBOR_MAKE_CREDENTIAL_REQUEST,
             window_handle: request.hWnd,
@@ -989,6 +997,14 @@ impl PluginGetAssertionRequest {
                 err,
             )
         })?;
+
+        if request.hWnd.is_invalid() {
+            return Err(WinWebAuthnError::new(
+                ErrorKind::WindowsInternal,
+                "Invalid handle received",
+            ));
+        }
+
         Ok(Self {
             // SAFETY: Windows should return a valid decoded assertion request struct.
             inner: assertion_request as *const WEBAUTHN_CTAPCBOR_GET_ASSERTION_REQUEST,
diff --git a/apps/desktop/desktop_native/win_webauthn/src/types/mod.rs b/apps/desktop/desktop_native/win_webauthn/src/types/mod.rs
index bb6139d54aa..955d4776a6d 100644
--- a/apps/desktop/desktop_native/win_webauthn/src/types/mod.rs
+++ b/apps/desktop/desktop_native/win_webauthn/src/types/mod.rs
@@ -724,7 +724,7 @@ mod tests {
         let aaguid = Uuid::try_from(AAGUID).unwrap();
         let authenticator_info = AuthenticatorInfo {
             versions: HashSet::from([CtapVersion::Fido2_0, CtapVersion::Fido2_1]),
-            aaguid: aaguid,
+            aaguid,
             options: Some(HashSet::from([
                 "rk".to_string(),
                 "up".to_string(),
@@ -778,9 +778,6 @@ mod tests {
         } else {
             panic!("CBOR should decode to a map");
         }
-
-        // Print the generated CBOR for verification
-        println!("Generated CBOR hex: {}", hex::encode(&cbor_bytes));
     }
 
     #[test]